OTR

OTR

From:

Elkom

Date:

2014-10-06 @ 21:08

Hi
OTR works correctly with Pidgin pnly. I use Pidgin as an "office side"
of the Converse.JS. I tried Xabber and CryptoChat on Android without
success. On the PC I tried all other clients and the result is the same.
Base64 encoded ?OTR?........ in a text window instead of silent key
exchange.
Pidgin is OK but there must be something wrong. A setting somewhere? It
looks like the negotiation headers are not compatible. Other Jabber
clients don't recognize what converse.js is sending. Only Pidgin
understands it.
---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:

Jc Brand

Date:

2014-10-07 @ 07:42

On Mon, Oct 06, 2014 at 11:08:21PM +0200, ELKOM wrote:
> Hi> > OTR works correctly with Pidgin pnly. I use Pidgin as an "office side"> of the Converse.JS. I tried Xabber and CryptoChat on Android without> success. On the PC I tried all other clients and the result is the same.> Base64 encoded ?OTR?........ in a text window instead of silent key> exchange.> Pidgin is OK but there must be something wrong. A setting somewhere? It> looks like the negotiation headers are not compatible. Other Jabber> clients don't recognize what converse.js is sending. Only Pidgin> understands it.
If the bug is in converse.js, and not in otr.js (which sounds likely), then the
first place I would look is in the receiveMessage method:
https://github.com/jcbrand/converse.js/blob/72753e209ce19282b2d22d0b3d4cbe0f40f9dc3d/converse.js#L969
I'm guessing that the other OTR-enabled clients initiate OTR slightly
differently than Pidgin, and that the regex on line 969 doesn't match it.

Re: [conversejs] OTR

From:

Elkom

Date:

2014-10-07 @ 11:41

> If the bug is in converse.js, and not in otr.js (which sounds likely), then the> first place I would look is in the receiveMessage method:> >
https://github.com/jcbrand/converse.js/blob/72753e209ce19282b2d22d0b3d4cbe0f40f9dc3d/converse.js#L969
> > I'm guessing that the other OTR-enabled clients initiate OTR slightly> differently than Pidgin, and that the regex on line 969 doesn't match it.
Converse sends it:
?OTR,1,2,?OTR:AAIKAAAA
?OTR,2,2,tIBhCn6yr
Only Pidgin understands it.
All other clients simply receive it as a text message.
You have in your code this:
if (text.match(/^\?OTRv23?/)) {
---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:

Elkom

Date:

2014-10-07 @ 12:01

Again:-)
This is Converse'es job:
?OTR,1,2,?OTR:AAIKAAAA
?OTR,2,2,tIBhCn6yr
Converse starts transmitting it when OTR is being initiated on the
website. I only receive it passively.
For a certain reason most Jabber clients do NOT understand it. Only
Pidgin understands it. All others interpret it as a normal unencrypted
message.
This is initial sequence initiated by the Converse.
---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:

Jc Brand

Date:

2014-10-07 @ 14:22

On Tue, Oct 07, 2014 at 02:01:57PM +0200, ELKOM wrote:
> Again:-)> > This is Converse'es job:> ?OTR,1,2,?OTR:AAIKAAAA> ?OTR,2,2,tIBhCn6yr> > Converse starts transmitting it when OTR is being initiated on the> website. I only receive it passively.> > For a certain reason most Jabber clients do NOT understand it. Only> Pidgin understands it. All others interpret it as a normal unencrypted> message.> This is initial sequence initiated by the Converse.
Looking at the code, it appears as if that query is created by otr.js in
the sendQueryMsg method:
https://github.com/arlolra/otr/blob/be50ec34ebe14b5d22180928c4df651c0ff95b34/build/otr.js#L2419
Looking at the OTR spec, the query message they specify in the spec looks slightly
different than what you wrote above.
See OTR Query Messages, here: https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
Arlo Breault, who wrote otr.js might be able to tell you why.

Re: [conversejs] OTR

From:

Elkom

Date:

2014-10-07 @ 14:50

> See OTR Query Messages, here: https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html> > Arlo Breault, who wrote otr.js might be able to tell you why.
How to contact him? Does he read this list?
---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com

Re: [conversejs] OTR

From:

Jc Brand

Date:

2014-10-07 @ 15:24

On Tue, Oct 07, 2014 at 04:50:49PM +0200, ELKOM wrote:
> > See OTR Query Messages, here:
https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
> > > > Arlo Breault, who wrote otr.js might be able to tell you why.> > How to contact him? Does he read this list?
His email address is on his github page.